Download the PHP package montag-webstudios/composer-update-guard without Composer
On this page you can find all versions of the php package montag-webstudios/composer-update-guard. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Package composer-update-guard
Short Description Composer plugin that requires confirmation before a full 'composer update'. Protects teams from accidental full dependency updates and supply-chain attacks. Targeted updates (composer update vendor/package) stay allowed.
License MIT
Information about the package composer-update-guard
composer-update-guard
A global Composer plugin that requires confirmation before a full composer update. It prevents accidental full dependency updates across the team — a common entry point for supply-chain attacks.
- `composer update` → guarded (prompt; aborts with exit code 1 in `--no-interaction` mode)
- `composer update vendor/package` → allowed (targeted, reviewed update)
- `composer update --dry-run` → allowed (writes nothing)
- `composer update --lock` → allowed (lock hash only)
- `composer install`, `composer require …`, `composer remove …` → untouched
The plugin is installed globally per development machine and therefore automatically protects all of that user's projects.
Installation (once per team member)
Via Packagist
Directly from the Git repository (without Packagist)
The `allow-plugins.montag-webstudios/composer-update-guard true` line is required as of Composer 2.2 so the plugin is allowed to load. If omitted, Composer will prompt interactively on first run.
Verify it is active
Uninstall
Publishing (maintainers)
- Push this repository to https://github.com/montag-webstudios/composer-update-guard.
- Submit it on https://packagist.org (Submit → repository URL). Add the GitHub webhook so Packagist auto-updates on push.
- Tag a release (e.g. `git tag v1.0.0 && git push --tags`) so a stable version is installable.
Notes
- Acts only locally on the development machine. CI should use `composer install` (lock-based) instead of `composer update` anyway; an accidental `composer update --no-interaction` in a script is stopped by the guard with exit code 1.
- If you fork this under a different vendor, adjust `name`, the `autoload` namespace, `extra.class` in `composer.json`, and the namespace in `src/`.
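Because the guard only acts on development machines, pipeline scripts can be audited separately for the invocations it would stop. The script below is an added example, not code from this package: it applies the guarded/allowed/untouched rules listed above to each line of a script. The function names, the word-splitting approach and the sample script are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Verdicts follow the rule list above; the parsing is an assumption:
# any non-option word after "update" counts as a package, and options that take
# a separate value (such as "-d dir") are not handled.
classify_composer_cmd() {          # $1 = one command line
    set -f; set -- $1; set +f      # split into words without globbing
    [ "$1" = "composer" ] || { echo "not-composer"; return 0; }
    shift
    sub="" packages=0 exempt=0
    for word in "$@"; do
        case "$word" in
            '&&'|'||'|';'|'|') break ;;          # next shell command starts here
            --dry-run|--lock)  exempt=1 ;;       # writes nothing / lock hash only
            -*)                ;;                # other options: no effect on verdict
            *) if [ -z "$sub" ]; then sub=$word; else packages=1; fi ;;
        esac
    done
    if [ "$sub" != "update" ]; then echo "untouched"
    elif [ "$packages" -eq 1 ] || [ "$exempt" -eq 1 ]; then echo "allowed"
    else echo "guarded"
    fi
}

# Print "N: text" for each line of a script (stdin) that is a full update.
audit_ci_script() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        if [ "$(classify_composer_cmd "$line")" = "guarded" ]; then
            printf '%s: %s\n' "$n" "$line"
        fi
    done
}

# Constructed sample pipeline script, not taken from any real project.
sample_ci_script() {
    cat <<'EOF'
composer install --no-dev --prefer-dist
composer update --no-interaction
composer update vendor/package --with-dependencies
composer update --dry-run
  composer update -n && php artisan migrate
composer require vendor/other
EOF
}

sample_ci_script | audit_ci_script
```

Lines reported by `audit_ci_script` are candidates for replacement with `composer install` or a targeted `composer update vendor/package`.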
All versions of composer-update-guard with dependencies
composer-plugin-api Version ^2.0